https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4737077#M578779 <P>Thanks for this feedback.</P> <P>Another point which must also be taken into account:</P> <P><SPAN class="jCAhz ChMk0b"><SPAN class="ryNqvb">We could not reimport the ISE Messaging Service certificate on the new equipments.</SPAN></SPAN></P> <P><SPAN class="jCAhz ChMk0b"><SPAN class="ryNqvb">Can this have an impact on the logs knowing that the option [Use "ISE Messaging Service" for UDP Syslogs delivery to MnT ] is disabled?</SPAN></SPAN></P> <P>&nbsp;</P> Mon, 12 Dec 2022 13:37:26 GMT jds5 2022-12-12T13:37:26Z https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4736923#M578772 <P>Hello,</P> <P>Following the reset of the /opt partition which was full (100%) on MNT, we no longer have Splunk logs on 2 new PSN 3695</P> <P>while the other 4 PSN(3595) continue to work correctly.</P> <P>There are collection log Errors:</P> <P>The ISE MNT collector process is unable to persist the audit logs generated from the Policy Service nodes.</P> <P>The current version is: 2.7.0.356 P5</P> <P>BR,</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 12 Dec 2022 10:53:16 GMT https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4736923#M578772 jds5 2022-12-12T10:53:16Z https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4736957#M578773 <P>I found this bug&nbsp; CSCvv08466 which seems to correspond but it's already fixed in patch 3&nbsp;</P> Mon, 12 Dec 2022 11:00:56 GMT https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4736957#M578773 jds5 2022-12-12T11:00:56Z https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4736959#M578774 <P>&nbsp;</P> <P>&nbsp;- Probably a bug as these reports seem indicative&nbsp;<A href="https://bst.cloudapps.cisco.com/bugsearch?pf=prdNm&amp;kw=The%20ISE%20MNT%20collector%20process%20is%20unable%20to%20persist%20the%20audit%20logs%20generated%20from%20the%20Policy%20Service%20nodes&amp;bt=custV&amp;sb=anfr" target="_blank">https://bst.cloudapps.cisco.com/bugsearch?pf=prdNm&amp;kw=The%20ISE%20MNT%20collector%20process%20is%20unable%20to%20persist%20the%20audit%20logs%20generated%20from%20the%20Policy%20Service%20nodes&amp;bt=custV&amp;sb=anfr</A>&nbsp;, also take care with 2.7<FONT color="#FF0000">P<U><STRONG>5</STRONG></U></FONT> because of&nbsp;<A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa00729" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa00729</A>&nbsp; , consider stepping up (<FONT color="#008000"><EM>installing higher patch</EM></FONT>) as soon as possible ,&nbsp;</P> <P>&nbsp;M.</P> Mon, 12 Dec 2022 11:02:47 GMT https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4736959#M578774 Mark Elsen 2022-12-12T11:02:47Z https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4737077#M578779 <P>Thanks for this feedback.</P> <P>Another point which must also be taken into account:</P> <P><SPAN class="jCAhz ChMk0b"><SPAN class="ryNqvb">We could not reimport the ISE Messaging Service certificate on the new equipments.</SPAN></SPAN></P> <P><SPAN class="jCAhz ChMk0b"><SPAN class="ryNqvb">Can this have an impact on the logs knowing that the option [Use "ISE Messaging Service" for UDP Syslogs delivery to MnT ] is disabled?</SPAN></SPAN></P> <P>&nbsp;</P> Mon, 12 Dec 2022 13:37:26 GMT https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4737077#M578779 jds5 2022-12-12T13:37:26Z https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4737081#M578780 <P>this could not be done because on the new PSN, the ISE Messaging Service certificate used has a different domain name</P> Mon, 12 Dec 2022 13:40:32 GMT https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4737081#M578780 jds5 2022-12-12T13:40:32Z https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4737095#M578781 <OL> <LI>Navigate to <STRONG>Administration &gt; System &gt; Logging</STRONG>.&nbsp; You should see that <STRONG>Use ISE Messaging Service for UDP Syslogs delivery to MnT</STRONG> is enabled.&nbsp; This is a new feature that was released in ISE 2.6 and I have run in to this issue.&nbsp; You may need to regenerate these certificates after an upgrade.</LI> <LI>To fix this you need to generate new deployment-wide signed certificates.&nbsp; This is a simple process that can be done by navigating to <STRONG>Administration &gt; System &gt; Certificates</STRONG> and choosing <STRONG>Certificate Signing Requests</STRONG> from the left menu</LI> <LI>Click the button for <STRONG>Generate Certificate Signing Requests (CSR)</STRONG></LI> </OL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CharlieMoreton_0-1670852751126.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/170671i0F5B8380152FFF8C/image-size/medium?v=v2&amp;px=400" role="button" title="CharlieMoreton_0-1670852751126.png" alt="CharlieMoreton_0-1670852751126.png" /></span></P> <OL start="4"> <LI>In the Usage field, select that the Certificate(s) will be used for <STRONG>ISE Messaging Service</STRONG></LI> </OL> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IMS.png" style="width: 268px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/170678iC460F3CDAFBF349A/image-size/large?v=v2&amp;px=999" role="button" title="IMS.png" alt="IMS.png" /></span></P> <OL start="5"> <LI>Since this is an upgrade, ISE Messaging may not have been enabled previously, you need to select <STRONG>Generate CSR for ISE Messaging Service</STRONG></LI> <LI>Select ALL the ISE Nodes and fill out the certificate fields</LI> </OL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CharlieMoreton_2-1670852751135.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/170673i6ABD6A29BAAD2ED0/image-size/medium?v=v2&amp;px=400" role="button" title="CharlieMoreton_2-1670852751135.png" alt="CharlieMoreton_2-1670852751135.png" /></span></P> <P>&nbsp;</P> <OL start="7"> <LI>Of course, you should follow any guidance and troubleshooting from the <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/upgrade_guide/Upgrade_Journey/Cisco_ISE_2_7_Upgrade_Journey.html" target="_self">Cisco Identity Services Engine Upgrade Guide, Release 2.7</A></LI> </OL> Mon, 12 Dec 2022 13:50:47 GMT https://community.cisco.com/t5/network-access-control/ise-no-more-logs-after-having-replaced-psn/m-p/4737095#M578781 Charlie Moreton 2022-12-12T13:50:47Z